Newsgroups: php.internals
Path: news.php.net
Xref: news.php.net php.internals:90254
Return-Path: <pierre.php@gmail.com>
Mailing-List: contact internals-help@lists.php.net; run by ezmlm
Delivered-To: mailing list internals@lists.php.net
Received: (qmail 14272 invoked from network); 7 Jan 2016 15:51:47 -0000
Received: from unknown (HELO lists.php.net) (127.0.0.1)
  by localhost with SMTP; 7 Jan 2016 15:51:47 -0000
Authentication-Results: pb1.pair.com smtp.mail=pierre.php@gmail.com; spf=pass; sender-id=pass
Authentication-Results: pb1.pair.com header.from=pierre.php@gmail.com; sender-id=pass
Received-SPF: pass (pb1.pair.com: domain gmail.com designates 209.85.214.171 as permitted sender)
X-PHP-List-Original-Sender: pierre.php@gmail.com
X-Host-Fingerprint: 209.85.214.171 mail-ob0-f171.google.com  
Received: from [209.85.214.171] ([209.85.214.171:33829] helo=mail-ob0-f171.google.com)
	by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP
	id 6C/C0-09042-2998E865 for <internals@lists.php.net>; Thu, 07 Jan 2016 10:51:46 -0500
Received: by mail-ob0-f171.google.com with SMTP id wp13so194579080obc.1
        for <internals@lists.php.net>; Thu, 07 Jan 2016 07:51:46 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :cc:content-type;
        bh=v5CIzBvcVo+cDU4AGJTSFqrtUHVdceOj2qeIMui6n7k=;
        b=wv/PENqtt0rIay/WW2L9D3IVU8NNhN+DQbtbhZTVGU0E23uI+Qu/l3ymjh8ov+aU2o
         eGU4MKIQDvTVQ6jkjKGlnWOhxxOI15SdMKhJQwtoP9+Bqq8UcVC3Tp910EsqjoC4a16z
         HGFKDODFwuQ6TbSqyTlp3y2MqySvuFiv1wYbOzC93mnr3I5uC0/y6atfP5VS1iPVTGO/
         7RID83Zqy5JG8dPuVK7+rhfObkWvxlyBul8SM6QFaCM/iJXwkLfQzPKWJVInjv/CcJhP
         xiaY2ScSLQPXfONo7mO6d/HHf0wxVaHZHhvmiyAa2pXmPEZz0zNdGb5wwQxJSHF6h2mH
         GTLw==
MIME-Version: 1.0
X-Received: by 10.60.16.198 with SMTP id i6mr80010239oed.19.1452181903464;
 Thu, 07 Jan 2016 07:51:43 -0800 (PST)
Received: by 10.202.64.136 with HTTP; Thu, 7 Jan 2016 07:51:43 -0800 (PST)
In-Reply-To: <CAKws9z1g24rD=t92+9xKtO=3PuwQ3_N=L36gmVMqCC84CoqipQ@mail.gmail.com>
References: <CAKws9z1g24rD=t92+9xKtO=3PuwQ3_N=L36gmVMqCC84CoqipQ@mail.gmail.com>
Date: Thu, 7 Jan 2016 22:51:43 +0700
Message-ID: <CAEZPtU7-Lk=jGsTQgRZOvBpcPPgdX3V-23=3_k9CXbmxU77V1A@mail.gmail.com>
To: Scott Arciszewski <scott@paragonie.com>
Cc: PHP Internals <internals@lists.php.net>
Content-Type: text/plain; charset=UTF-8
Subject: Re: [PHP-DEV] [RFC] Libsodium
From: pierre.php@gmail.com (Pierre Joye)

HI Scott,

On Thu, Jan 7, 2016 at 8:26 PM, Scott Arciszewski <scott@paragonie.com> wrote:
> Hi everyone,
>
> I've updated the RFC to make libsodium a core PHP extension in 7.1, to
> include references to the online documentation.
>
> https://wiki.php.net/rfc/libsodium
>
> All new functions and classes would exist in the Sodium namespace. e.g.
>
>     $ciphertext = \Sodium\crypto_box($message, $nonce, $keypair);

As much as I like libsodium, yet another extension with yet another
library in the core sounds like a risk to me, long term. I would
rather prefer to focus on a larger effort to provide the necessary
features in the most easiest way using new APIs or existing
extensions, as you mentioned already in previous discussions and in
this mail. That's why I won't be in favor of bundling this one.

> This is part of an overall effort to improve PHP's cryptography; up
> next will be the pluggable crypto API that supports multiple backends
> (with a scope limited to openssl and libsodium at the time of release)
> but always provide conservative defaults. Then I'd like to look at
> deprecating ext/mcrypt back to PECL and add more hash functions to
> ext/hash.

This is definitely the way. Thanks for your great work :)

Cheers,
Pierre